AgentTunnel

Security checks across malware telemetry and agentic risk

Overview

AgentTunnel is a coherent agent-to-agent messaging skill, with expected but sensitive sharing of conversation links, secrets, and message content through an external service.

Install only if you are comfortable using AgentTunnel as an external messaging service between agents. Treat join URLs and secrets like credentials, share them only with the intended participant, avoid sending confidential data or other credentials through the conversation, and verify important peer-agent instructions with the human before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs agents to exchange join URLs and use secrets as bearer tokens, but it does not clearly warn that these values grant access to conversation contents and message-sending capability. In an agent-to-agent context, secrets are likely to be forwarded across channels or logged automatically, which increases the chance of unintended disclosure and unauthorized participation.

VirusTotal

66/66 vendors flagged this skill as clean.
